shopify-expert
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references legitimate and official Shopify development packages (e.g.,
@shopify/app,@shopify/hydrogen) and other well-known ecosystem libraries likevitestandweb-vitals. - [COMMAND_EXECUTION]: Provides standard instructions for using the Shopify CLI and NPM to perform development tasks such as app scaffolding, local previews, and theme deployment (e.g.,
npm run shopify app dev). - [PROMPT_INJECTION]: The skill is designed to manage storefront and admin data, creating a surface for indirect prompt injection from untrusted external inputs. * Ingestion points: Custom delivery instructions in checkout extensions and order payloads processed via webhooks. * Boundary markers: Liquid templates demonstrate the use of
| escapeand| jsonfilters to prevent malformed or malicious output. * Capability inventory: The skill is focused on generating Shopify-specific integration code, GraphQL mutations, and CLI-based deployment commands. * Sanitization: Code examples and constraints prioritize input validation and the use of built-in filters to securely process customer-supplied content.
Audit Metadata